So we have detection as ELF:Scanner-BE [Trj] and we are being protected.
This is a typical malware that targets the core system of Windows in order to complete its tasks. ELF:Agent-BR [Trj] was made to execute a series of commands once it gets inside the system. It will gather data like system settings, Windows version, network configuration, and so on. Collected data will be sent to a remote attacker for analysis.
Payload
In order to run itself on Windows start-up, ELF:Agent-BR [Trj] will make a copy of itself under system files. Then, a registry entry is created to call the file on each Windows boot-up. Apart from that, this malware will also drop non-malicious files in various folders of the compromised PC.
ELF:Agent-BR [Trj] occasionally connects to a remote host to execute tasks like the following:
Notify the attacker of the new infection
Send gathered data from the infected computer
Download and execute additional files including an updated version of the trojan
Accept commands from a remote attacker

Do not use any risk tools against such threats.
polonus